GOING MOBILE: How Mobile Credentials Can Improve Access Control in Healthcare

Gourgen Oganessyan
February 8, 2019
Topic: Healthcare

With more than 60% of the world’s population owning a mobile phone, business use of smartphones has become ubiquitous for the workforce around the world.

Healthcare organizations have taken notice and are taking steps to enable the use of once banished mobile devices. A recent survey by Spyglass Consulting Group found that nine out of 10 healthcare systems are planning to invest in mobile platforms—even providing smartphones to hospitals workers. Another recent survey by Spõk found that 71% of clinicians said that their hospitals allow the use of “bring your own device” (BYOD).

Yet, this increased mobile device usage at hospitals brings with it increased security concerns. A recent HIMSS cybersecurity report documented the risks to hospital data integrity that are posed by vulnerable and unsecured devices.

The good news is that today’s mobile devices provide more than one layer of built-in authentication capabilities that can significantly reduce security risks. In addition, as many of these devices move to multimodal biometric authentication, such as fingerprint, facial, voice—even dynamic type, or keystroke recognition—they represent the future of secure user authentication.

Mobile: Bringing Flexibility to Authentication in Healthcare

With the convenience of mobile devices—and their inherently secure authentication capabilities—they are proving to be effective means for identification and access control at institutions everywhere. While not expected to replace the traditional proximity and contactless badges any time soon, smartphone-based credentials can bring additional flexibility to physical and logical access in cases when using a physical badge is not feasible or desirable. Here are just a few examples of how healthcare organizations are employing secure mobile credentials to improve productivity and convenience for hospital staff and patients.

Staff identification and access control

During each shift, healthcare workers perform a myriad of tasks, including accessing patient records, interfacing with patients, printing patient documents, recording information and scheduling procedures. The list is long—and nearly every task requires logging into and out of a computer. Doing so by traditional means of entering usernames and passwords consumes valuable time that can otherwise be spent on patient care.

With mobile credentials, staff can quickly log in and out of the hospital’s systems by tapping their smartphones to a mobile credential reader. Information from the mobile credential is read by the Bluetooth® reader and authenticated. Single sign-on (SSO) software can then provide quick and secure access to the EMR and many other applications. If proximity and contactless capability is incorporated in the same reader, the user can also use these traditional credentials for access.

Visitor and vendor access

Hospital visitors and vendors arriving for meetings use electronic links - provided by the hospital - to download a temporary visitor access badge directly to their mobile device. Upon arrival at the hospital, the user taps their smartphone to the Bluetooth mobile credential reader in the hospital lobby, which authenticates them and notifies the patient or employee of their arrival. At the end of the visit, the temporary access is automatically deactivated.

Secure print management 

HIPAA mandates the confidentiality of protected health information (PHI). Hospitals employ thousands of printers across their facilities to print documents that include PHI. The information must be protected from prying eyes and nefarious cyber-attacks. The solution that many healthcare organizations have adopted is secure pull print, requiring users to scan a badge or enter a code at the printer, before their document can be printed.

Now, it’s possible for employees to use their mobile devices for authentication at printers throughout the hospital by simply tapping their smartphones to the mobile credential reader mounted on the printer. Clinicians and other staff can also send confidential patient reports from remote offices or other locations to the hospital ahead of time, so that they can securely print them when they arrive at the hospital.

Digital wallets

Hospital staff can also use their smartphones to pay for meals in the hospital cafeteria. They can access the menu on their phones and select their meals by presenting the smartphone to the mobile reader. The individual’s account is then debited for the price of the meal and a receipt is then sent to the smartphone.

Industry leadership

At RF IDeas, we have expanded our industry-leading in-building identification and access control readers to include mobile authentication. This year at HIMSS we will be demonstrating how our pcProx® Plus mobile credential reader with integrated Bluetooth low-energy technology, which is now compatible with Orange™ Pack ID and Safetrust Wallet mobile credentials, can provide a valuable authentication option to healthcare organizations around the world.